Start ntpd first unless we do not want it.

Make sure we do sync the clock leaping to the current correct time.
This avoids problems with bad dates on certificates, etc..

ipa-server/ipa-install/ipa-replica-install

@@ -42,6 +42,8 @@ class ReplicaConfig:
 def parse_options():
     from optparse import OptionParser
     parser = OptionParser()
+    parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+                      help="do not configure ntp", default=True)
     parser.add_option("-d", "--debug", dest="debug", action="store_true",
                       default=False, help="gather extra debugging information")
 
@@ -171,6 +173,12 @@ def main():
     except ldap.INVALID_CREDENTIALS, e :
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
 
+    # Configure ntpd
+    if options.conf_ntp:
+        ntp = ntpinstance.NTPInstance()
+        ntp.create_instance()
+
+    # Configure dirsrv
     install_ds(config)
 
     repl = replication.ReplicationManager(config.host_name, config.dirman_password)
@@ -189,10 +197,6 @@ def main():
     webgui = httpinstance.WebGuiInstance()
     webgui.create_instance()
 
-    # Configure ntpd
-    ntp = ntpinstance.NTPInstance()
-    ntp.create_instance()
-
     service.restart("dirsrv")
     service.restart("krb5kdc")
 
@@ -214,4 +218,4 @@ except Exception, e:
     for str in traceback.format_tb(sys.exc_info()[2]):
         message = message + "\n" + str
     logging.debug(message)
-    sys.exit(1)    
+    sys.exit(1)

ipa-server/ipa-install/ipa-server-install

@@ -75,6 +75,8 @@ def parse_options():
                       default=False, help="unattended installation never prompts the user")
     parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
                       default=False, help="uninstall an existing installation")
+    parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
+                      help="do not configure ntp", default=True)
 
     options, args = parser.parse_args()
 
@@ -320,11 +322,11 @@ def main():
     print "This program will setup the FreeIPA Server."
     print ""
     print "This includes:"
+    print "  * Configure the Network Time Daemon (ntpd)"
     print "  * Create and configure an instance of Directory Server"
     print "  * Create and configure a Kerberos Domain Controller (KDC)"
     print "  * Configure Apache (httpd)"
     print "  * Configure TurboGears"
-    print "  * Configure the Network Time Daemon (ntpd)"
     print ""
     print "To accept the default shown in brackets, press the Enter key."
     print ""
@@ -445,6 +447,11 @@ def main():
         print "The following operations may take some minutes to complete."
         print "Please wait until the prompt is returned."
 
+    # Configure ntpd
+    if options.conf_ntp:
+        ntp = ipaserver.ntpinstance.NTPInstance()
+        ntp.create_instance()
+
     # Create a directory server instance
     ds = ipaserver.dsinstance.DsInstance()
     ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
@@ -483,10 +490,6 @@ def main():
     service.print_msg("restarting the KDC")
     krb.restart()
 
-    # Configure ntpd
-    ntp = ipaserver.ntpinstance.NTPInstance()
-    ntp.create_instance()
-
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
 

ipa-server/ipa-install/share/Makefile.am

@@ -20,6 +20,7 @@ app_DATA =				\
 	krb.con.template		\
 	krbrealm.con.template		\
 	ntp.conf.server.template 	\
+	ntpd.sysconfig.template 	\
 	preferences.html.template 	\
 	referint-conf.ldif		\
 	dna-posix.ldif			\

ipa-server/ipa-install/share/ntpd.sysconfig.template

@@ -0,0 +1,8 @@
+# Drop root to id 'ntp:ntp' by default.
+OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
+
+# Set to 'yes' to sync hw clock after successful ntpdate
+SYNC_HWCLOCK=yes
+
+# Additional options for ntpdate
+NTPDATE_OPTIONS=""

ipa-server/ipaserver/ntpinstance.py

@@ -35,25 +35,34 @@ class NTPInstance(service.Service):
         # or we can get our own pool.
         os = ""
         if ipautil.file_exists("/etc/fedora-release"):
-            os = "fedora."
+            os = "fedora"
         elif ipautil.file_exists("/etc/redhat-release"):
-            os = "rhel."
+            os = "rhel"
 
         sub_dict = { }
-        sub_dict["SERVERA"] = "0.%spool.ntp.org" % os
-        sub_dict["SERVERB"] = "1.%spool.ntp.org" % os
-        sub_dict["SERVERC"] = "2.%spool.ntp.org" % os
+        sub_dict["SERVERA"] = "0.%s.pool.ntp.org" % os
+        sub_dict["SERVERB"] = "1.%s.pool.ntp.org" % os
+        sub_dict["SERVERC"] = "2.%s.pool.ntp.org" % os
 
         ntp_conf = ipautil.template_file(ipautil.SHARE_DIR + "ntp.conf.server.template", sub_dict)
+        ntp_sysconf = ipautil.template_file(ipautil.SHARE_DIR + "ntpd.sysconfig.template", {})
 
         sysrestore.backup_file("/etc/ntp.conf")
+        sysrestore.backup_file("/etc/sysconfig/ntpd")
 
         fd = open("/etc/ntp.conf", "w")
         fd.write(ntp_conf)
         fd.close()
 
-    def __start(self):
+        fd = open("/etc/sysconfig/ntpd", "w")
+        fd.write(ntp_sysconf)
+        fd.close()
+
+    def __stop(self):
         self.backup_state("running", self.is_running())
+        self.stop()
+
+    def __start(self):
         self.start()
 
     def __enable(self):
@@ -61,13 +70,14 @@ class NTPInstance(service.Service):
         self.chkconfig_on()
 
     def create_instance(self):
-        self.step("writing configuration", self.__write_config)
 
         # we might consider setting the date manually using ntpd -qg in case
         # the current time is very far off.
 
-        self.step("starting ntpd", self.__start)
+        self.step("stopping ntpd", self.__stop)
+        self.step("writing configuration", self.__write_config)
         self.step("configuring ntpd to start on boot", self.__enable)
+        self.step("starting ntpd", self.__start)
 
         self.start_creation("Configuring ntpd")